Riveting Ransomware Statistics

30 Riveting Ransomware Statistics in 2024

30 Riveting Ransomware Statistics in 2024

As we adjust to a new way of life post-pandemic, cyberattacks become a major topic of conversation.

Over 20% of cyberattacks in 2021 involved ransomware.

Cybercriminals took advantage of an opportunity during the pandemic to wreak as much havoc as they could.

The following statistics may surprise you, or you may think it’s the cost of all the technology at hand today. 

Regardless of whether you’re surprised or not, these statistics about ransomware are serious business to which no one is immune.

There are industries like healthcare, education, and finance that are at the highest risk.

However, small-to-medium sized businesses are also vulnerable.

The world has come a long way since ransomware was just used as a buzzword.

Today, the threat is real, and it leaves a wave of victims in its wake.

Businesses, government agencies, and individuals are all susceptible to cyberattacks, including ransomware.

While cybercriminals want to get as much money as they can out of their victims, they will use smaller targets as well.

Contents show

What is Ransomware?

In short, ransomware is categorized as malware (malicious software) designed to deny users access to their computer system (including files and protected data) until the user pays the “ransom” for it.

Phishing emails are the most-used method of delivery for ransomware. 

Let’s discuss ransomware statistics and its impact all over the globe.

Key Ransomware Statistics 

  • In 2021, 21% of all cyberattacks were categorized as ransomware. 
  • In the first quarter of 2023, 543% of ransomware attacks were unreported. 
  • In 2022, 236.1 million ransomware attacks were reported from all over the world.
  • Worldwide ransomware attacks happen every 19 seconds, with 1.7 million incidents each day.
  • As per 2021 data, the average cost of recovery from a single ransomware attack is $1.85 million.
  • The predicted cost of all cybercrimes around the world is $10.5 trillion by 2025.
  • The 40 ransomware attacks that occurred in February 2023 was a rise of 21% over January 2023.
  • IBM research showed that 17 months was the average time before ransomware gangs either shut down or rebrand.
  • The highest percentage of X-Force Incident Response ransomware attacks in 2020 occurred in June.
  • 25 incidents of hospital ransomware attacks were reported in 2022.

Important Ransomware Statistics in 2024


While each section in this article will address statistics about ransomware that everyone should know, we are starting with the most important ones first.  

1. In 2021, 21% of All Cyberattacks Were Categorized as Ransomware. 

Ransomware accounted for 21% of all cyberattacks in 2021, according to the IBM Security X-Force Threat Intelligence Index 2022 Report.

In fact, ransomware was the number one type of malicious cyberattack seen by X-Force in 2021. 

While this is a decrease of 2% compared to 2020 (23%), it’s little consolation to those who experienced reported ransomware attacks.

Also, 37% of all ransomware events were perpetrated by Sodinokibi (REvil ransomware actors).

The rest of these cyberattacks involved phishing attacks. 

(IBM, 2022 Report)

2. In The First Quarter of 2023, 543% of Ransomware Attacks Were Unreported. 

A shocking 543% of all ransomware attacks in the first two months of 2023 alone were not reported.

In January 2023, there were 33 publicly reported ransomware events, which is the highest ever for the first month of the year. 

The education industry was hit with 11 attacks of ransomware, which accounts for more than one-third of all 33 ransomware attacks publicly disclosed.

These 33 ransomware attacks occurred in the United States, The United Kingdom, Costa Rica, Japan, France, and other countries.

Ransomware is a global problem as seen by these statistics. 

(BlackFog, 2023)

3. In 2022, 236.1 Million Ransomware Attacks Were Reported from All Over the World.

In 2022, the world saw 236.1 million ransomware attacks.

Between the Q2 and Q4 of 2021, the world saw a substantial decrease of 56 million (from 189 million to 133 million).

The overall figure for global ransomware attacks still came to 623.3 million in 2021.

Additionally, the world saw a decrease in ransomware attacks between the Q2 of 2021 and the Q2 of 2022.

Attacks went from 189 million to 106 million in that period. However, an 18% increase was seen between Q1 and Q2 of 2022.

(Statista, 2022)

4. Worldwide Ransomware Attacks Happen Every 19 Seconds, with 1.7 Million Incidents Each Day.

While ransomware was once almost exclusively problematic for large corporations and entities, today, it’s an ongoing, ever-growing threat to the world’s small businesses.

According to the statistics, ransomware attacks occur every 19 seconds, which accounts for 1.7 million per day.

Ransomware attacks are nothing to ignore.

Businesses that are victimized by ransomware offenders lose money, but they also lose their reputation, which can result in a total company shutdown. 

If you own a small, medium, or large business anywhere in the world, please take precautions to protect your company, your clients/customers, and yourself.

(Astra Security, 2023, Nevada Small Business, 2023)

5. As Per 2021 Data, the Average Cost of Recovery from A Single Ransomware Attack Is $1.85 Million.


Whether the company pays the ransom or not, recovery methods are still necessary to move forward.

The average bill to resolve issues occurring from a single ransomware incident is $1.85 million. 

This figure is higher than in 2020, when a single recovery effort for ransomware cost $0.76 million. 

These monetary losses include network costs, the cost of lost opportunities, downtime, employee time, device costs, and the cost of the ransom.

There are other costs to cover, but these are the main costs included in the $1.85 million. 

(Sophos, 2021)

6. The Predicted Cost of All Cybercrimes Around the World Is $10.5 Trillion by 2025.

Ransomware falls under the umbrella of cybercrime, so it will play a significant role in the $10.5 trillion expected by 2025 in overall global cybercrime.

This prediction comes from the reputable company, Cybersecurity Ventures. 

In 2015, the global costs of cybercrimes accounted for $3 trillion. So, a huge increase from $3 trillion to $10.5 trillion is expected over ten years.

Therefore, we can expect that this issue will become known as the ‘greatest transfer of wealth in history”. 

Besides ransomware, these costs will include the damage of data, the destruction of data, intellectual property theft, stolen money, losses in productivity, personal identity and information theft, fraud, embezzlement, etc.

It’s believed that it will cause irreparable harm.

(GlobeNewswire, 2020)

7. The 40 Ransomware Attacks that Occurred in February 2023 Was a Rise of 21% Over January 2023.

We mentioned that January 2023 was a record month for the most ransomware attack every recorded at 33 incidents.

February experienced 40 total ransomware events, which is 21% more than January’s record number.

In January, the education industry was the hardest hit by ransomware, while in February, the government was the hardest hit.

Healthcare was a close second in February. 

Some other companies that made the news for ransomware attacks include Dole Foods, ION (financial trading group), Five Guys (restaurant), and Technion – Israel Institute of Technology. 

(BlackFog, 2023)

8. IBM Research Showed that 17 Months Was the Average Time Before Ransomware Gangs Either Shut Down or Rebrand.

X-Force studied ransomware gangs only to discover that each gang has a lifespan of 17 months.

That doesn’t always mean the groups disband, but instead some of them rebrand under a new name. 

One outlier instance observed by X-Force was Revil, which is considered one of the most successful ransomware gangs, disbanded after 31 months of successful hacking.

Otherwise, they work for 17 months and either quit or brand. 

Ransomware gangs are groups of people who work together to commit ransomware crimes. 

(IBM, 2022 Report)

9. The Highest Percentage of X-Force Incident Response Ransomware Attacks in 2020 Occurred in June. 

In June 2020, in 50% of X-Force IR incidents, ransomware was the culprit. In June 2021, that figure was 33%.

The next highest at 48% occurred in November 2021, with only 5% in November 2022.  

This data is what was observed by X-Force and doesn’t include other observations across the cybersecurity industry.

Imagine what those numbers might look like. 

There were several fluctuations between January 2021 and December 2021, with June experiencing the most activity in ransomware among Incident Response reporting.

There were also fluctuations in these percentages in 2022, but not to the same extent.

(IBM, 2022 Report)

10. REvil Ransomware Accounted for 37% of All Ransomware Attacks Observed by X-Force in 2021.


We did mention this tidbit in another statistic, but we will be comparing this data against other ransomware cybercrimes.

REvil accounted for the most at 37%, according to X-Force observations alone. 

The second group of actors that teamed up to attack using ransomware was called Ryuk, with 13%, which is substantially less than REvil.

LockBit accounted for 7% of ransomware attacks and AtomSilo 3%.

Other ransomware X-Force observed included AvosLocker, BitLocker, BlackMatter, and Conti. 

According to the data, REvil (started August 2018) and Ryuk (Started April 2019) were two of the longest-running operations in ransomware. 

(IBM, 2022 Report)

11. One in Four Information Technology Professionals Claim to Have Faced at Least One Ransomware Attack in 2022.

The HornetSecurity survey of over 2,000 IT professionals revealed that in 2022, one in four surveyed IT professionals said they experienced at least one ransomware attack.

That’s almost one-quarter (23.9%) of those surveyed.

Furthermore, another 7% claimed to experience multiple ransomware attacks and 72% said the attacks experienced happened over 12 months ago.

In contrast, 21% said they faced ransomware attacks over the past year. 

In the past twelve months, one in twenty companies experienced a ransomware attack, according to the survey.

(HornetSecurity, 2022)

12. Out Of Over 2,000 IT Professionals Surveyed, 74.7% Said that Microsoft 365 Data Can Be Affected by A Ransomware Attack.

Further data from HornetSecurity’s survey of more than 2,000 IT professionals show that it’s possible for cloud data like that from Microsoft 365 can be impacted by ransomware.

This goes to show you that nothing is immune or impenetrable to malicious hackers. 

In the survey, another 19% said they didn’t know for sure and 5.6% said no, Microsoft 365 data can’t be impacted by a ransomware attack.

This data comes from their Hybrid Cloud Adoption survey where cloud-based infrastructures were the focus. 

This data is one reason that extra protections are necessary for all organizations.

(HornetSecurity, 2022)

Ransomware Statistics by Industry

In this section, we will focus on statistics related to industries.

Let’s find out how various industries have been impacted and which ones are the most vulnerable to ransomware attacks. 

13. 2022 Statistics Show that Education Is the Industry Most Targeted by Ransomware Cybercriminals. 

Education was hit the hardest in 2022 by ransomware, according to statistics.

A whopping 89 education industry institutions reported ransomware attacks in 2022, which is one more than that of 2021 when 88 educational organizations reported ransomware. 

That said, the number of schools impacted by ransomware attackers nearly doubled between 2021 and 2022.

In 2021, ransomware cybercriminals hits a total of 1,043 schools. The 2022 number for schools impacted by ransomware came to 1,981.

Due to these kinds of statistics, the cybersecurity community is working tirelessly to protect all those impacted from these breaches. 

(ZDNet, 2023)

14. 25 Incidents of Hospital Ransomware Attacks Were Reported in 2022.

Hospitals and medical centers have been key targets for ransomware attackers for a long time.

Cybercriminals see hospitals as easy targets because they are the most vulnerable. 

That doesn’t mean they aren’t using security measures to prevent it necessarily.

It means hospitals are more likely to pay the ransom faster so they can care for patients with very little interruption.

The impact is less about money (though that is a critical element) and more about patients requiring care in emergencies, life-threatening, and other crucial life-saving measures who are put in life-or-death situations. 

Related:  Number of Lawyers in the US in 2024

(ZDNet, 2023)

15. United States Government Organizations Faced 246 Ransomware Attacks Over the Past Three Years. 


According to sources, between 2017 and 2020, the United States government was hit by 246 ransomware attacks.

These attacks reportedly affected more than 173 million people and the estimated costs for the government accounted for $52.88 billion. 

Government organizations and agencies are among the most at-risk organizations for ransomware.

According to the data, this issue is growing by the day.

It’s evolving as government agencies and officials increase and improve security measures. 

If all government organizations and entities don’t have cybersecurity insurance and security protocols in place, they should.

This also goes for every small, medium, and large business all over the world. 


Ransomware and SMEs

First, what does SME stand for? SME is short for small to medium-sized enterprise.

They are classified as businesses with fewer employees than large businesses and corporations, but more than those with 10 or fewer employees.

The IRS classifies SME as businesses with assets of $10 million or less. 

How does ransomware affect small to medium-sized enterprises (SMEs)? Let’s see what the statistics say. 

16. Ransomware Is the Number One Cause of Loss Among SMEs at 51% of Each Incident Cost. 

Research from NordLocker showed that ransomware targets SMEs more than other kinds of businesses.

In this case, they specifically targets SMEs with between 11 and 50 employees and 51 to 200 employees, respectively. 

This data also showed that one-person businesses are targeted the least, but that doesn’t mean they aren’t targeted at all.

What this information tells us is that company size matters to the ransomware criminal. 

SMEs are the most vulnerable for several reasons, but one is that larger businesses have better security.

(Astra Security, 2022, NordLocker, 2022)

17. A Survey from 2021 Revealed that In 2022, The Manufacturing Industry Faced at Least 437 Ransomware Events. 

Manufacturing is one of the industries getting hit the hardest by ransomware.

In 2022, this industry experienced at least 437 instances of ransomware attacks. That accounts for over 70% of these kinds of troublesome and expensive attacks across industrial companies. 

Dragos, a cybersecurity firm, performed a study that uncovered this data and more.

For instance, the number of ransomware attacks in 2021 accounted for over 605 total ransomware attacks.

Drago alone detected 315 attacks on this sector in 2021.

Therefore, ransomware against manufacturing companies is also on the rise.

(CyberScoop, 2023)

18. The Construction Industry Is More Apt to Pay the Ransom by 74%.

More data from a 2022 Cybereason study showed that 73% of those surveyed said they had faced a ransomware attack in the past 24 months.

Another 28% of these survey respondents said that they paid the ransom demand.

The data showed that the construction industry was the most likely to pay the ransom demand by 74%.

Tech firms own a share of 51% of paying the ransom. Utility and energy companies (47%) are third most likely to pay ransom from a ransomware attack. 

IT, retail, and business and professional services tied at 33% in the list of industries that are most likely to pay a ransom. 

(Cybereason, 2022)

19. Many of The Most Targeted Industries Are Also on The List of Those that Would Pay a Ransom.

This may not be a surprising statistic, but many industries that are targeted by ransomware offenders are also among those willing to pay the ransom.

Among these industries we find construction, technology, public sector, and others who are willing to pay ransoms.

Those who are most targeted, but may be less likely to pay the ransom, include manufacturing, transportation, healthcare, and financial services

(Cybereason, 2022)

20. 92% of Retail Companies that Faced Ransomware Claimed that The Attack Affected Their Ability to Operate.


It would be reasonable to be unable to operate if you’re under a ransomware attack.

Knowing that ransomware can make your business site disappear tells us that.

So, at 92% of retail companies that fell victim to ransomware claiming it impacted their operations, that’s not hard to believe. 

Additionally, 53% of retail-based ransomware attacks were able to recover within a week after the attack.

The average cost of remediation accounts for $1.40 million across retail sectors.

According to more data, 88% of retail company survey respondents said they have insurance coverage against ransomware events.

That’s higher by 5% compared to all sectors. 

(Sophos State of Ransomware Retail 2022)

Worldwide Ransomware Statistics

Now, we will look at some worldwide statistics. 

21. In Austria, 2021, a Single Ransomware Attack Cost $7.75 Million in Remediations. 

In 2021, Austria suffered the highest costs in remediations after a single ransomware attack.

Compared to the global average, Austria businesses pay much more out of pocket than most other countries. 

In fact, Belgium is second to Austria, paying an average of $4.75 per ransomware incident for recovery.

Notice the significant difference between those figures.

The next five countries that follow include, Singapore ($3.46 million), India ($3.38 million), the Netherlands ($2.71 million), the United States ($2.09 million), and Mexico ($2.03 million).

Following Mexico, the figures are under $2 million.

The country with the lowest recovery costs after a ransomware attack is the Czech Republic at $0.37 million.

(Sophos, 2021)

22. The Highest Rate of Ransomware Happens in The United States at 18.2%.

NordLocker reported that the United States and Canada are at the highest risk for ransomware attacks.

This is proven by statistics that say that the United States has the highest percentage of ransomware incidents, at 18.2%. 

The United States has been a target for ransomware hackers for quite some time, so it makes the country susceptible to this form of cybersecurity threat. 

(FCW, NordLocker)

23. 26% of All Global Ransomware Attacks Target Asia.

In 2021, global ransomware statistics revealed that 26% of these attacks targeted Asia. In fact, Asia was the country with the most ransomware attacks in 2021.

While there’s no doubt that many countries all over the world had their own ransomware issues to handle, Asia was hit the hardest in 2021.

Furthermore, the Sangfor Ransomware Trends Report showed that the two industries impacted the most by these attacks were enterprise, education, and research.

Enterprise faced 46.82% of ransomware attacks, while Research and Education experienced 22.83%.

The region targeted includes, but is not limited to, Singapore, Thailand, Hong Kong, Malaysia, and the Philippines. 

(IBM, 2022 Report)

Bonus Statistics

Here we have a few extra statistics you need to know. 

24. More than 200,000 New Ransomware Programs Are Discovered Daily.

Every single day, security systems detect 200,000 new strains of ransomware.

This translates into 140 new types of ransomware programs that can bypass detection and start inflicting harm.

The world is full of threats and the actors behind ransomware lurking about looking for a new target to hit with their malicious software.

They are adept at taking advantage of the vulnerabilities in security that allow them into systems where they can steal and lock them then demand a ransom. 

These cybercriminals have no ethics, so there is no target they won’t hit. 

(Heimdal, 2023)

25. 300,000 New Kinds of Malware Are Created Every Day. 


Since ransomware usually involves some kind of malware, it’s smart to know that 300,000 new malware types are created each day.

This data gives you an idea of how massive this cybersecurity threat is to the world. 

Literally hundreds of thousands of new malicious software programs are written daily that include Trojans, adware, viruses, keyloggers, and other malware that is there to attempt to steal your personal information.

This is what it looks like when cybercriminals invest their time and energy into Malware as a service (MaaS), which is a byproduct of RaaS (Ransomware as a Service. 

(ID Agent, 2023)

26. 90% of People on The Dark Web Are Looking to Hire Hackers Who Will Use Ransomware or Other Forms of Illegal Hacking Methods to Steal Information.

With a little research and digging, we found out that a whopping 90% of people on the Dark web are seeking hackers to do their dirty work.

They are willing to pay them well and often they share a commission of the ransomware take with them.

Ransomware isn’t the only cybercrime sought on the Dark web, but it’s one of the top purposes.

Other cybercrimes people are willing to pay for include phishing, malware infections, and general theft of data.

These nefarious actors are out to make tons of money in one shot without getting caught. They are willing to take the chance.

(ID Agent, 2023)

27. More than 64% of All Financial Companies Have Over 1,000 Sensitive Data Files that Employees Have Access To.

Due to the nature of working in the financial realm, employees at financial companies need to have access to sensitive files that contain client information.

In fact, over 64% of companies in the financial sector store more than 1,000 personal and confidential data files that their employees can access. 

What you may not know is that this can result in non-compliance against regulations like the SOX (Sarbanes-Oxley), the EU General Data Protection Regulation (GDPR), and other consumer privacy laws.

The risk is that they are ripe for picking to a ransomware attacker.

Unfortunately, 70% of all sensitive data is “stale”, according to the Varonis 202 Financial Data Risk Report.

(Varonis, 2021)

28. The Windows OS Is the Most Vulnerable System for Ransomware Attacks. 

What makes the Windows operating system the most vulnerable to ransomware? The fact that it’s loaded on the most affordable computers, which means it’s used by more people.

85% of MSPs (managed service providers) say that Windows is the operating system most targeted by ransomware attackers.

Moreover, people who own Windows computers fail to install the necessary updates for the OS, which leaves it vulnerable to such attacks.

The patches designed to protect your system against viruses are important to install.

Therefore, these things make Windows computers an easy target for malicious actors. 


29. 53% of The Companies in Canada that Experienced Ransomware Paid the Hackers to Get Their Access Back.

One of the key trends found in a Blakes Cybersecurity study shows that 53% of Canadian companies victimized by ransomware attacks paid the ransom to regain access to their networks. 

BEC (Business Email Compromise) at 24% and Ransomware at 35% were the two top cybersecurity threats in Canada in 2019.

In Canada, much like in the United States, the health and financial industries are two of the most likely targets of ransomware attackers. 

Only 29% of Canadian companies had a CIRP (Cybersecurity Incident Response Plan) in place in 2019. We hope that’s changed for the better.

(Blakes Cybersecurity Trends Study 2020)

30. In 2021, Crypto Locker Was the Most Common Ransomware Used at A 52% Share.


New variants of ransomware are constantly being created to attempt to take advantage of vulnerable systems.

In 2021, CryptoLocker was the most dominant ransomware used for hacking events. 

CryptoLocker will encrypt files and then demand payments before you can regain access again.

This ransomware variant has been around since 2013 and keeps on ticking. 

WannaCry is in second place at 26% usage by ransomware attackers.

It came out of North Korea in 2017 and cripples several systems related to logistics like transportation, governments, telecommunications, and more across 150 countries.

(CBS News, Crowdstrike)


How Does Ransomware Get Into a Business Network?

Ransomware cybercriminals prefer email as a deliver method to gain access to an organization’s computer network.

These offenders can be customers, clients, competitors, sub-contractors, or anyone who thinks they can gain from such a heinous act. 

Most often, ransomware is spread across a company’s network via phishing emails with URLs or attachments that contain malicious programming. 

The offenders then use that malware to take over the network and lock out the whole company.

Once they have total control over the system, they will demand a ransom to remove the programming and give the company access to its system again.

This kind of attack is hard to track since the emails look like they are legitimate before one person clicks that link or opens that attachment. 

How Can a Ransomware Hacker Get Paid Ransom and Not Get Caught?

In today’s world of online payment options, anyone who can lock down a whole company with malware can certainly get paid without leaving a footprint.

Mostly, ransom is paid via Bitcoin, digital currency, or prepaid cards. 

There is always a time limit attached to paying the ransom. Some hackers use a premium phone number that the victim calls and makes the payment over that line.

Everything is carefully calculated, which is another reason to have protections in place. 

If the hackers don’t get their request ransom by the provided deadline, they will sell or delete the data they stole from the company. 

What Are the Effects of Ransomware on Businesses?

When the ransomware offender gains access to the business network and computer files, they lock them out.

So, first, the business and its employees at every level cannot access anything on the system, even their personal files. Even the company’s tech person can’t fix that.

Once access is gained by the nefarious intruder(s), the company’s website and whole network can experience lengthy downtime that can become permanent if they don’t pay the ransom.

It’s very costly to get back what’s lost after a ransomware attack, though it can be done. 

These hackers get paid one way or another. It costs the company in numerous ways whether they pay the ransom or not.

Hackers also have access to personal data belonging to the company’s customers, which is likely to do major harm to the company’s reputation since the hackers may sell it if they don’t delete it. 


Ransomware is more than just a challenge in today’s world.

Reports of successful ransomware attacks continue to come in even as you read this article.

The Dark web is full of people willing to hire hackers to gain millions and billions for one attack.

They are dedicated to stealing information and making money from it. This is why we share this information with our readers.

We want to spread awareness so you can prepare and protect yourself the best way you can against such threats.

No one is immune to ransomware, but we know that SMEs are the most targeted of all businesses and that education is the industry that suffers the most attacks. 

Ransomware is dangerous enough to ruin a company and its reputation.

It can also impact individuals, where they lose money, credit, and their own livelihood if they are attacked. 

Now you should recognize the importance of updating your operating system, using sound cybersecurity software, and being proactive in your cybersecurity protocols.

We can’t stress enough how crucial it is to ensure that you have the best security possible.

Otherwise, it can cost monetary losses, productivity, downtime, and more. Some costs aren’t measurable. 

We hope these ransomware statistics have been informative and that you have learned something new here today. 


Astra Security. 2023Astra Security, 2022BlackFog, 2023
Blakes Cybersecurity Trends Study 2020CBS NewsCORVUS
CrowdstrikeCybereason, 2022CyberScoop, 2023
FCWGlobeNewswire, 2020Heimdal, 2023
HornetSecurity, 2022IBM, 2021ID Agent, 2023
Nevada Small Business, 2023NordLockerSafetyDetectives
Sophos, 2021Sophos State of Ransomware Retail 2022Statista, 2022
Varonis, 2021ZDNet, 2023
Written by Kelly Indah
I’m the editor at Increditools and a dedicated cybersecurity expert with a robust technical background. With over a decade’s experience in the tech industry, I have worn many hats, from software developer to security analyst.